Shared Responsibility

Securing data used to be straightforward: firewalls protected on-premise networks from incoming and outgoing threats. But then came the cloud. The onset of SaaS, PaaS and IaaS has seen applications and user access bypassing those firewalls. “There is a misconceptions that, as you’ve moved everything to the cloud, it must be secure; when the opposite is true,” said Dominic Ryles, Business Development Manager IT Enterprise Commercial.

Who is responsible for the security of your data while it is stored in a cloud? Ask around, see if there is a consensus. The issue is that not many are aware where responsibility lies.

What’s required is a shared responsibility model; a framework that clearly sets out who is liable, when and where. As a rule the cloud provider is responsible for the security of the cloud (the operating system, the virtualisation layer and the actual premises), while the data owner has to take ownership of their content while it is in the cloud. So, for example, if there are updates for software or apps in use, the onus to install them falls to the data owner – the cloud customer.

"The first step for any business when migrating to the public cloud is to understand who is responsible for their business data and the workloads held in it," said Maxim Frolov, vice president of global sales at Kaspersky Lab. "Cloud providers normally have dedicated cybersecurity measures in place to protect their platforms and customers, but when a threat is on a customers’ side, it is no longer the provider's responsibility. Our research shows that companies should be more attentive to the cybersecurity hygiene of their employees and take measures that will protect their cloud environment from the inside."

Exertis Hammer distributes SonicWall firewalls and cybersecurity solutions. “With the ease at which SaaS applications can be rolled out — and the benefits of increased productivity and agility — it is easy to forget that the organisation is responsible for securing data and managing access for SaaS applications,” the vendor states on a recent blog.

Source: Hammer
Published Date: 10/03/2020

Back to News